<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>修改资料</title>
<style type="text/css">
<!--
td {  font-size: 9pt}
-->
</style>
</head>
<body bgcolor="#ffffff" topmargin=0>

<?php

include 'config.php';

function check_password($password)
{
	return 1;
}

if (isset($_POST['submit'])) {
	$newpassword = $_POST['password'];
	$newpassword2 = $_POST['password2'];
	$userinfo = $configValues['CONFIG_DB_TBL_DALOUSERINFO'];
	include ("checklogin.php");
	$username = $_SESSION['westlakeusername'];

	if ( $newpassword != $newpassword2) {
		echo "<br/><br/>密码不一致。<br/>";
		echo '<a href="/">返回主页</a>';
		exit;
	}
	if ( !check_password($newpassword)) {
		echo "<br/><br/>密码格式错误。<br/>";
		echo '<a href="/">返回主页</a>';
		exit;
	}

	include 'opendb.php';

	/* check if user already exists */
	$sql = "SELECT username, portalloginpassword FROM $userinfo WHERE username = '$username'";
	$res = $dbSocket->query($sql);
	if ($res->numRows() == 0){
		echo "<br/><br/>用户不存在<br/>";
		echo '<a href="/">返回主页</a>';
		$dbSocket->disconnect();
		exit;
	}
	$row = $res->fetchRow();
	$oldpassword = $row[1];
	if ($oldpassword == $newpassword){
		echo "<br/><br/>密码没有改变。<br/>";
		echo '<a href="/">返回主页</a>';
		$dbSocket->disconnect();
		exit;
	}

	/* update passwd table */
	$sql = "UPDATE radcheck SET password='$newpassword' WHERE username = '$username'";
	$sql = "UPDATE userinfo SET portalloginpassword='$newpassword' WHERE username = '$username'";
	$res = $dbSocket->query($sql);

	$dbSocket->disconnect();

	echo "<br/><br/>密码修改成功！<br/>";
	echo '<a href="/">返回主页</a>';

	exit;
} // if submit
else{
	echo "<br/><br/>No action.<br/>";
	exit;
}
?>
</body>

